Lili achieves PCI DSS compliance using the visibility provided by Wiz

Lili looked to strengthen its cloud security posture with easy-to-use cloud security tools. Wiz helped the banking app remediate its most critical risks and perform architecture reviews as part of its PCI DSS audit process.

Lili Bank


Financial Services


North America


Lili is an all-in-one banking app designed for anyone who runs a business on their own, whether they operate as sole proprietors (with or without DBA) or Single-Member LLCs. By combining a business checking account with technology to save on taxes and built-in tools to streamline their accounting, Lili helps freelancers and small businesses alike improve their bottom line, and save time and energy throughout the year on the money stuff.

Wiz is my eyes. Without it, I would be blind.

Omri Nachum
CISO, Lili

Lili has been cloud-native from day one, leveraging the power and flexibility offered by Amazon Web Services (AWS) to manage its backend infrastructure. When CISO Omri Nachum joined Lili in 2021, he immediately set about strengthening Lili’s cloud security posture and processes. “We were already using other cloud security tools, but we were looking for a more user-friendly experience and better service as these solutions are very complex.”

Within minutes of connecting Wiz to their AWS environment, Lili started discovering new vulnerabilities and toxic combinations of risk factors that former tools had not. Thanks to its agentless scanning and hundreds of built-in controls, Wiz offers unparalleled visibility into the constellations of risks that malicious actors take advantage of. Lili also discovered that Wiz maps built-in policies to external compliance frameworks like PCI DSS. Moreover, every PCI DSS requirement is listed in Wiz, even those that cannot be automatically checked.

Wiz gives me a complete, detailed map to understand what needs to be done to achieve compliance. It’s my checklist.

Omri Nachum
CISO, Lili

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard maintained by the PCI Security Standards Council that seeks to enhance global payment account data security and reduce credit card fraud. Companies that process credit card payments are subject to PCI DSS requirements and can face fines from credit card issuers for failing to demonstrate compliance.

To prepare for their annual PCI DSS audit, Lili used Wiz to proactively remediate their most critical risks and perform architecture reviews. During the audit, Ohad Zeruya, from Lili’s DevOps team, used Wiz to map network elements and quickly answer the auditor’s specific questions about scanning for vulnerabilities, testing firewall settings, patch management, and the inventory of all applications. Instead of struggling to integrate the siloed perspectives generated by several different tools, he had all of the information he needed in a single intuitive interface.

To answer the PCI auditor’s questions, I just opened Wiz and showed him all of the notifications and reports. He was amazed that Wiz scans for vulnerabilities every day, not just once every three months.

Ohad Zeruya
DevOps, Lili

Looking forward, Lili is building Wiz into its ongoing processes to monitor and maintain PCI compliance. These processes are a key aspect of maintaining PCI compliance, and Wiz provides Lili the visibility and automated alerting to streamline their execution. The DevOps team at Lili is empowered by Wiz to build more quickly, safely, and securely by truly becoming DevSecOps.
